Storing Passwords When You’re the Client
Explore secure password storage techniques for client and server use. Understand why one-way hashing suits client passwords but not server authentication. Discover strategies like encryption, OS permissions, dedicated service accounts, and key vaults for safeguarding server credentials. Learn about using password managers for workstation security to reduce risk and improve password strength.
So now we have four perfectly good password-hashing algorithms we can use. They’re so good it’s tempting to think that we’ve solved password storage for all use cases. Unfortunately, that’s not the case. We can only use these for hashing the passwords of clients that authenticate to us. If we need to authenticate to another system, we can’t use these password-hashing algorithms because they’re one-way only. We can never get the passwords back from a hash. So we’ll need another approach for storing passwords that we need to present to other systems.
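The contrast in the paragraph above, as an added example (not code from the original lesson): a client password is stored as a slow, salted one-way hash that can only be verified, while a credential we must present to another system has to stay recoverable, so the file permissions become the control. Names, scrypt parameters and the sample secrets are assumptions chosen for illustration; the permission check assumes a POSIX filesystem.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# scrypt work factors; illustrative values, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_client_password(password: str) -> str:
    """Store a client's password as 'scrypt$<salt>$<hash>'.
    The record can confirm a later attempt but cannot give the password back."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_client_password(record: str, attempt: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    algo, salt_hex, hash_hex = record.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(attempt.encode(), salt=bytes.fromhex(salt_hex),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def write_outbound_credential(path: str, secret: str) -> None:
    """A password we present to another system must stay recoverable,
    so create the file owner-read/write only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(secret)


def load_outbound_credential(path: str) -> str:
    """Refuse to use a credential file that group or others can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {oct(mode)}; expected owner-only")
    with open(path) as f:
        return f.read().strip()


def demo() -> tuple:
    """Constructed run: one client record, one outbound credential file."""
    record = hash_client_password("correct horse")          # constructed client password
    ok, bad = verify_client_password(record, "correct horse"), verify_client_password(record, "wrong")
    path = os.path.join(tempfile.mkdtemp(), "db-password")
    write_outbound_credential(path, "s3cret-db-pass")       # constructed outbound secret
    loaded = load_outbound_credential(path)
    os.chmod(path, 0o644)                                   # simulate a misconfigured file
    try:
        load_outbound_credential(path)
        rejected = False
    except PermissionError:
        rejected = True
    return ok, bad, "correct horse" in record, loaded, rejected
```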
Storing passwords on servers
How should we store passwords that are used by our servers to connect to other servers? Perhaps we could encrypt them before we store them on disk. That sounds good, but it doesn’t buy us much. The ...